DETAILED ACTION

The instant application having Application No. 10/598,218 filed on 8/21/06 is 
presented for examination by the examiner. 

Priority 

Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C.
119(a)-(d). The certified copy has been received.



Claim Objections 

Claims 1-5 are objected to because of the following informalities: 

As per claim 1, the application module lacks antecedent basis.

As per claim 2, the unchanged function lacks antecedent basis. 

As per claim 3, the authorized application module lacks antecedent basis. 

As per claim 4, the access space lacks antecedent basis. 

Claim 5 is objected to under 37 CFR 1.75(c), as being of improper dependent
form for failing to further limit the subject matter of a previous claim. Applicant is 
required to cancel the claim(s), or amend the claim(s) to place the claim(s) in proper 
dependent form, or rewrite the claim(s) in independent form. Claim 5 cites the 
application-based access control method according to claim 4. Claim 4 is directed to an 
access control method. 

Claim Rejections - 35 USC § 112

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming 
the subject matter which the applicant regards as his invention. 

Claims 1-6 are rejected under 35 U.S.C. 112, second paragraph, as being
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

As per claim 1, the phrase input/output renders the claim indefinite. The slash
may imply both or the alternative. The claim language should definitely point out 
whether input and output are both subject to encryption and decryption or rather only 
one way is necessary. Appropriate correction is required. 

Claims 2 and 3 are rejected for at least the above reason being a dependent 
claim and not overcoming the ground for rejection. 

As per claim 4, the phrase encryption/decryption renders the claim indefinite for 
the same reason as mentioned in the rejection of claim 1 under 35 USC 112, 2nd 
paragraph. Other problems dealing with the distinction of the subject matter are present 
in claim 4. In particular, both a hard disk, disk drive, and a VSD drive are listed in the 
claim. Other than stating there is a hard disk, no other operation is tied to it. It is 
unclear how the three are independent and distinct. Furthermore, step (g) and step (h) 
conflict with one another. In step (g) authorization is performed to allow access to the 
application module. When step (h) refers back to step (g) it states the condition of
whether or not the application module was authorized. So in step (g), determination of 
something accessing the application module is made but in step (h), authorization on 
the application module is performed. So it is unclear whether something is gaining 
access to the application module, or the application module, itself, is gaining access to 
something. Claim 4 recites the multiple application modules but then refers to the
application module. It is unclear which application module is being addressed.

As per claim 5, there seems to be a conflict in the authorization condition
concerning the functions. Claim 4 seems to provide the original function when the
application module has been authorized (step (h)). Claim 5 seems to contradict this
notion by claiming to stop the function if the application module has been authorized.
Claim 5 then goes on to claim performing the operation if the application module has
been unauthorized.

Claim 6 is rejected for at least the above reason being a dependent claim and not
overcoming the ground for rejection. 



The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

Claims 5 and 6 are rejected under 35 U.S.C. 112, first paragraph, because the
specification, while being enabling for performing a function if the application module is 
authorized, does not reasonably provide enablement for performing a function if the 
application module is unauthorized. The specification does not enable any person 
skilled in the art to which it pertains, or with which it is most nearly connected, to use the 
invention commensurate in scope with these claims. The rejection stems from the 
contradiction found in claim 5 to its parent claim 4. Overcoming that rejection should 
overcome this rejection as well. 

Claim 6 is rejected for at least the above reason being a dependent claim and not
overcoming the ground for rejection. 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-6 are rejected under 35 U.S.C. 102(e) as being anticipated by USP
7,428,636 to Waldspurger et al., hereinafter Waldspurger. 

As per claim 1, Waldspurger teaches an access control system, comprising:
a Virtual Secure Disk (VSD) image file module occupying a certain space of a hard disk 
in a file form (col. 2, line 56); 

a VSD drive for processing security-sensitive files within the VSD image file 
module (col. 2, line 55); 

an encryption and decryption module for encrypting and decrypting data 
input/output between the VSD image file module and the VSD drive (col. 3, lines 52-55); 

a VSD file system module for allowing an operating system to recognize the VSD 
drive as a separate disk volume at a time of access to the security-sensitive files within 
the VSD image file module (col. 2, line 56 and col. 8, line 12); and

an access control module for determining access by determining whether an 
access location is a disk drive or the VSD drive (col. 2, lines 40-44) and the application 
module has been authorized to access a certain file at a time of access to the file, which 
is stored on the hard disk, to perform tasks in the application module (col. 10, line 19-22).

As per claim 2, Waldspurger teaches wherein the access control module 
comprises: 

an extended system service table for allowing the operation of a corresponding 
function to be performed when it is pointed at by a descriptor (col. 9, lines 21-25); 

and an extended system table for changing a function, which is requested of the
service system table by the application module, to prevent operation of the function, 
determining whether a space in which a corresponding task is performed is the disk 
drive or the VSD drive, determining whether access to the corresponding file by the 
application module has been authorized, and providing the unchanged function to the 
extended system service table or stopping the operation of the function according to 
results of the determination (col. 17, lines 15-25). Waldspurger mentions two different 
ways a function can be changed. First it can be changed by adjusting it to match the 
virtual addresses that must ultimately address a physical block on a disk. Secondly, 
Waldspurger teaches that a read operation is changed to a decryption operation to 
decrypt encrypted data and then changed back to a read operation to send the
decrypted data back to the requestor. The same type of change is performed when a 
write command is performed when it first must be encrypted before writing the data to 
the drive. Waldspurger also teaches a variation of the latter type by instituting a change 
of function when a user/process tries to write to a read only file. The write function is 
changed to a copy function and the new file is encrypted and written. This occurs when 
changes are not authorized for the copy protected file. 

As per claim 3, Waldspurger teaches wherein the VSD image file module virtually 
occupies the hard disk so as to allow the operating system to recognize the data as 
being assigned to a certain space of the hard disk without performing physical 
assignment for storing the data on the hard disk, so that the authorized application 
module can physically assign the data to the space (col. 2, lines 53-60). 

As per claim 4, Waldspurger teaches an access control method, which is
performed by an access control system having a hard disk (col. 5, line 7), a disk drive
(col. 2, line 40), a file system module (col. 2, line 56), an application module (col. 11,
line 41), a VSD image file module [VM], a VSD drive (col. 2, line 56), an 
encrypting/decrypting module (col. 3, lines 52-55), a VSD file system module (col. 8, line 
12), and a control access module (col. 2, lines 40-44) including an extended system 
service table (col. 7, lines 21-25) and an extended service table (col. 17, lines 15-25) , 
comprising the steps of: 

(a) authorizing the application modules (col. 11, lines 40-42);

(b) the application module calling a function from an operating system to access 
a corresponding file (col. 5, line 45-50 and col. 8, lines 6-10); 

(c) the operating system providing the function to the extended service table (col. 
6, lines 39-40); 

(d) changing the function into an arbitrarily designated function to prevent the 
operation of the function in the extended service table (col. 8, lines 10-15); 

(e) determining whether of the file is the disk drive or the VSD drive in the 
extended service table (col. 10, lines 20-25); 

(f) returning the arbitrarily designated function to the original function whose 
operation is possible, and providing the original file to the extended system service 
table if it is determined that the access space is the disk drive at step (e) (col. 10, lines 
15-17 and line 31); 

(g) determining whether access to the application module has been authorized if
it is determined that the access space is the disk drive at step (e) (col. 11, lines 40-43);

(h) returning the arbitrarily designated function to the original function whose 
operation is possible, and providing the original function to the extended system service 
table if it is determined that the application module has been authorized at step (g) (col. 
10, lines 35-40); and 

(i) stopping the operation of the corresponding function if it is determined that the 
application module has not been authorized at step (g). Waldspurger teaches that only 
one VM can read the encrypted data of its area. No other VM can read another's 
encrypted data because each user chooses his/her own keys. Waldspurger mentions
two different ways a function can be changed. First it can be changed by adjusting it to 
match the virtual addresses that must ultimately address a physical block on a disk. 
Secondly, Waldspurger teaches that a read operation is changed to a decryption 
operation to decrypt encrypted data and then changed back to a read operation to
send the decrypted data back to the requestor. The same type of change is performed 
when a write command is performed when it first must be encrypted before writing the 
data to the drive. Waldspurger also teaches a variation of the latter type by instituting a 
change of function when a user/process tries to write to a read only file. The write 
function is changed to a copy function and the new file is encrypted and written. This 
occurs when changes are not authorized for the copy protected file. 

As per claim 5, Waldspurger teaches if the function is a function requesting a 
Write operation (col. 11, line 51), the step (e) comprises the steps of:

determining whether the application module has been authorized [each VM
encrypted data protected from others]; 

stopping the operation of the function if it is determined the application module 
has been authorized (col. 11, lines 40-43); and

the arbitrarily designated function returning to the original function, the operation 
of which is possible, and being provided to the extended system service table if it is 
determined that the application module has been unauthorized (col. 10, lines 35-40). 

As per claim 6, Waldspurger teaches the step of the encryption and decryption 
module encrypting and decrypting data that are input and output between the VSD 
image file module and the VSD drive (col. 3, lines 53-55). 

Conclusion 

The prior art made of record and not relied upon, considered pertinent to applicant's
disclosure, is listed on the enclosed PTO-892 form.

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
(571)270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am 
- 5:00pm, EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/M. R. V./ 

Examiner, Art Unit 2431 
/Syed Zia/ 

Primary Examiner, Art Unit 2431 



